Devops Engineer

Automation Security Engineer

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, authentication services, governance and assurance services as well as managed processes. In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

Key Responsibilities:

• Automation Champion: Design, implement, and maintain automation scripts and tools to streamline security processes and improve efficiency.
• Security Integration: Integrate security tools and practices seamlessly into the CI/CD pipeline, including static and dynamic application security testing (SAST/DAST), vulnerability scanning, and security configuration management.
• Infrastructure as Code (IaC) Security: Implement security best practices within our IaC frameworks (e.g., Terraform, CloudFormation) to ensure secure infrastructure deployment and management.
• Cloud Security: Architect and implement security controls and best practices within cloud environments (e.g., AWS, GCP), ensuring compliance and protecting sensitive data.
• Threat Modelling and Risk Assessment: Participate in threat modelling exercises and conduct security risk assessments to identify and mitigate potential vulnerabilities.
• Incident Response: Participate in security incident response activities, providing technical expertise and contributing to post-incident analysis.
• Security Monitoring and Logging: Implement and maintain security monitoring and logging solutions to detect and respond to security events.
• Collaboration and Communication: Work closely with development, operations, and security teams to foster a security-conscious culture and provide guidance on secure development practices.
• Compliance and Governance: Assist in ensuring compliance with relevant security standards and regulations.
• Continuous Improvement: Stay current with the latest security trends, technologies, and best practices, and proactively recommend and implement improvements to streamline the automation and improve the security posture.